Collaborate Disseminate
WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that makes al… Continue reading WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST… Continue reading RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)
April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is a user-after-free vulnerability in the Windows Common… Continue reading Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7… Continue reading WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)
A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure … Continue reading Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up w… Continue reading Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)
Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech companie… Continue reading Phishers are increasingly impersonating electronic toll collection companies
Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE em… Continue reading Google is making sending end-to-end encrypted emails easy
North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increas… Continue reading North Korean IT workers set their sights on European organizations
Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can … Continue reading Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)